Twitter’s Two-Step Authentication Feature: Success or Failure?

August 19, 2013

With over 500 million registered users, Twitter is flying high among the giants of social media. The fact that the service is in high demand has made it a target for identity thieves looking to use social media networks to victimize people.

Phishing scams, for instance, remain a favorite among identity thieves. One particular scam involves direct messages sent to potential victims. These messages usually contain a link that, when clicked, leads to what looks like the Twitter login page. The operative words here are “looks” and “like”, since the page is actually just a cleverly made trap. Entering your login info on that page will give the scammers access to your real Twitter account and whatever other important information you have there.

Identity theft through social media can also happen when you get taken in by a fake Twitter account. It doesn’t take much to impersonate someone on Twitter. Just look at the sheer number of fake celebrity accounts, for example. While these accounts are annoying, Twitter admins can take the pretenders down as long as you are able to convince them of your identity. It’s not exactly a deterrent but it can help you get rid of the fake accounts.

It is a lot harder to actually hack into a Twitter account and hijack it, especially if you have a strong password. Unfortunately, it still happens. Not even big companies are safe. The Associated Press, for example, recently suffered a hacking attack that resulted in the Dow plunging 145 points. Yes, something as small as a single Tweet can affect stock markets.

In order to make sure that its users have extra protection against account hijackers and identity thieves, Twitter has implemented a new security feature that uses a two-step authentication process. A user who registers his or her mobile phone number will receive a text message containing a six-digit code every time they log on to their account. The code must then be entered in order to finalize the login. This means that anybody trying to hack into your Twitter account will need access to both your password and your mobile phone. Both Facebook and Google also have their own versions of this security feature.
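The login flow described above, sketched from the server's side as an added example (this is not Twitter's implementation and not code from the original article). The class and function names, the five-minute code lifetime and the three-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300      # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3    # assumption: wrong guesses allowed per code


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoStepLogin:
    def __init__(self):
        self.users = {}     # user -> (salt, password hash)
        self.pending = {}   # user -> [code digest, expiry, attempts left]

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _pw_hash(password, salt))

    def start_login(self, user, password, now):
        """Step 1: check the password, then issue a fresh six-digit code.
        Returns the code (standing in for the text message) or None."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(_pw_hash(password, rec[0]), rec[1]):
            return None
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[user] = [digest, now + CODE_TTL, MAX_ATTEMPTS]
        return code

    def finish_login(self, user, code, now):
        """Step 2: accept the code once, before expiry, within the guess limit."""
        entry = self.pending.get(user)
        if entry is None:
            return False    # password step never passed: nothing to verify
        digest, expiry, attempts = entry
        if now > expiry or attempts <= 0:
            del self.pending[user]
            return False
        if hmac.compare_digest(hashlib.sha256(code.encode()).digest(), digest):
            del self.pending[user]   # single use: a replayed code fails
            return True
        entry[2] -= 1                # count the wrong guess
        return False
```

A six-digit code has only a million possible values, so the expiry and the guess limit are what keep someone who already holds the password from simply trying codes until one works.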

One of the upsides of the new feature is that it alerts you if unauthorized persons ever try to log on to your Twitter or Facebook or Google account. It’s very useful if your login information is ever compromised either through hacking, phishing, or via an unrelated breach of a database somewhere else on the web. That last one is a particularly tricky problem, since it’s basically outside of the user’s control.

Some experts, however, believe that the new feature will largely go unused by most Twitter users. Why? Because having to wait for a text message before you can log on is a bit of a hassle, apparently. In addition, experts believe that people don’t quite trust social media companies enough to provide them with such sensitive information.

Online security firm Avira found in 2012 that over 80% of people think that a social networking site will either steal or misuse their information. Ironic, since security features such as the one Twitter has added were actually implemented to protect people from a stolen identity online.

There’s also the matter of losing your mobile phone. Without it, you won’t be able to log on to your Twitter account if you have the two-step authentication feature enabled. Staying always logged on and changing the registered number doesn’t work, since you still need to enter a code sent to the number you originally registered. The only other solution remaining is to contact Twitter’s support team.

Another roadblock is that not every mobile carrier is supported by Twitter. If you register a number that’s on an unsupported carrier, you are basically locking yourself out of your Twitter account. You can check a list of supported mobile carriers here. Twitter plans to add support for more mobile carriers in the future.

Furthermore, you can only use one phone number to secure one account. If you happen to have multiple accounts, you are going to need more mobile numbers if you want to keep all of them protected by the two-step authentication service. This is a particularly big hurdle for Twitter accounts that are used by more than one person, such as those used by news services or big blogs. Staying logged on forever is considered a bad idea in terms of security. Always having to contact the person who owns the mobile number tied to the account is also more of a hassle than a solution.

All of these problems don’t bode well for user adoption of the new authentication process. If seen from the perspective of a person who only uses one Twitter account, it can prove very useful. The thing is it can’t protect everybody. Not just yet, anyway. It still remains to be seen if Twitter rolls out new features that address the shortcomings currently plaguing the two-step authentication feature.

Whether you decide to enable the feature or not, it’s important to remember that preventing identity theft is as much your responsibility as it is that of whatever social networking service you use. Make sure you have a strong password, preferably something long with a mix of letters, numbers, and symbols. Don’t click on suspicious links, especially if they’re from someone you don’t know personally. Also keep your PC, smartphone, or tablet’s OS up to date. Invest in a good anti-virus program, too. Finally, remember that social networking sites are public. Be careful with the information that you share and who you share it with.

Vigilance is a big factor in preventing identity theft, be it online or in the real world.